Oh boy, a chain blog entry! Dave Walker called me out to talk about securing email; who am I to refuse?
You should secure your email. Am I done?
OK, so that’s not the best supported argument. If everyone secured their email there would be virtually no spam, but any system that doesn’t show benefits at even 10% participation is more or less doomed. However, the benefit of securing email kick in much earlier when dealing with phishers.
One thing I worry about is whether my relatives are able to tell spoofed emails from real ones, and that they don’t provide personal information to any site emailed to them. If large companies start taking security seriously, if they start signing their emails and educate their users to look for their signature, we’ll start to see a dent in phishing. If Amazon, eBay, PayPal and various banks start, they’ll influence the smaller companies to start doing it.
To help influence the influencers, you can (and should!) start signing your emails today. There are two ways to get started, and they aren’t exclusive. Many people use both signatures in their emails. Either one will take about 15 minutes, much less than getting your first email account set up probably took.
The first is to get a free S/MIME certificate from a company like thawte. I did this a while ago but I lost my certificate and had to try to retrieve my password. It was a frustrating process; I assume registering in the first place was as well since I used “Which company is pissing you off right now?” for my 5th security question. However, I still recommend this method as easier and tech support was very helpful.
There’s an amazing guide for OS X Mail, as well as instructions for Thunderbird on Windows, and these signatures work for virtually all email clients. As soon as you get your certificate installed, your emails will start showing up as secure. How cool will that make you look, when your clients see your email in their inbox highlighted as secure?
Answer: moderately to not at all cool, but they’ll still be impressed with the geek mystique.